Check Point’s weekly bulletin highlights multiple incidents: Toys 'R' Us Canada breach, Askul ransomware disrupting logistics, Verisure data breach via billing partner, LastPass-themed phishing tied t…
Category: Threat Alerts / Threat Intelligence / Threat Intelligence
#weekly #cve #ransomware #apt
Google’s TAG reports Coldriver (aka Star Blizzard/Callisto/UNC4057) rapidly replaced its exposed LostKeys malware with a new toolchain: NOROBOT initial payload, YESROBOT backdoor, and MAYBEROBOT succe…
Category: Threat Alerts / Threat Intelligence / Threat Intelligence
#apt #russia #coldriver #google-tag
Cofense warns that major outages—such as AWS disruptions—are routinely exploited for phishing, spoofed helpdesks, QR scams, and fake patch downloads. Case studies from 2024–2025 show rapid lure adapta…
Category: Threat Alerts / Threat Intelligence / Threat Intelligence
#aws #outage #phishing #qr #mfa-fatigue
Reporting indicates the Russia‑linked COLDRIVER group shifted from stealer malware to using NOROBOT loaders and NOROBOT→MAYBEROBOT backdoors, simplifying the chain to evade detection while maintaining…
Category: Threat Alerts / Threat Intelligence / Threat Intelligence
#coldriver #apt #norobot #mayberobot
Palo Alto Networks Unit 42 tracks Scattered LAPSUS$ Hunters’ extortion activity after their Oct 10 deadline, observing leaks tied to six companies and chatter about an Extortion‑as‑a‑Service model wit…
Category: Threat Alerts / Threat Intelligence / Threat Intelligence
#extortion #leak-sites #eaas #unit42
Google Threat Intelligence describes evolving COLDRIVER tradecraft: NOROBOT loaders set logon scripts that fetch a PowerShell‑based MAYBEROBOT backdoor (aka SIMPLEFIX), offering flexible command execu…
Category: Threat Alerts / Threat Intelligence / Threat Intelligence
#apt #coldriver #norobot #mayberobot #powershell
Check Point Research’s 13 October threat bulletin aggregates multiple high-impact events across sectors. Qilin ransomware claimed responsibility for an intrusion at Asahi (Japan), exfiltrating ~27GB a…
Category: Threat Alerts / Threat Intelligence / Threat Intelligence
#ransomware #cloud #iam #botnet #extortion #breach
Health-ISAC’s Q3 2025 Quarterly Threat Insights highlights intensifying threats to healthcare. Notable trends include the Shai-Hulud worm spreading via malicious npm packages that embed into developer…
Category: Threat Alerts / Threat Intelligence / Threat Intelligence
#healthcare #supply-chain #phishing #netscaler #cisco-asa #sbom
The Week 40 BlockThreat newsletter tracks roughly $5M in crypto/Web3 losses across six incidents. A notable case is Abracadabra’s third exploit (~$1.8M), attributed to a simple logic flaw—an omitted e…
Category: Threat Alerts / Threat Intelligence / Threat Intelligence
#defi #web3 #smart-contracts #mining #exploit
Socket researchers document malicious packages across npm, PyPI, and RubyGems abusing Discord webhooks for stealthy C2 and exfiltration of secrets and host telemetry.
Category: Threat Alerts / Threat Intelligence / Threat Intelligence
#supply-chain #open-source #discord-webhooks #exfiltration #c2